Three New Companion Guides to the CIS Controls Released

December 23, 2015


PRESS RELEASE

East Greenbush, N.Y. – December 15, 2015 – The Center for Internet Security (CIS) announced today that more than 12,560 individuals and organizations have downloaded the CIS Critical Security Controls for Effective Cyber Defense Version 6.0 since their release to the public on October 15, 2015. The CIS Controls are a recommended set of actions that provide specific ways to stop today’s most pervasive and dangerous cybersecurity attacks. CIS also announced the release of three new Companion Guides to the CIS Controls today.

“These new guides represent the ecosystem of working aids we're developing along with the CIS Controls to combat the increasing challenges and complexity of cybersecurity. Our expert panels will continue to create Companion Guides such as these to address specific challenges using the CIS Controls,” said Tony Sager, Senior Vice President and Chief Evangelist at the Center for Internet Security. “The same privacy content was in the recent V. 6.0 of the CIS Controls, but since our panel of experts and I consider privacy of such paramount importance, we opted to release this information in a separate Companion Guide as well,” he added.

The three new Companion Guides to the CIS Critical Security Controls Version 6.0 are:

Internet of Things Security Companion to the CIS Critical Security Controls V. 6.0

A proliferation of smart devices is driving increased connectivity from custom corporate intranets to the Internet, providing adversaries and hackers with new access vectors to launch attacks against these important networks. This Companion Guide for the CIS Critical Security Controls outlines how the CIS Controls are directly applicable to current and future Internet of Things (IoT) networks.

Mobile Security Companion to the CIS Critical Security Controls V. 6.0

Mobile devices are starting to replace laptops for regular business use. Organizations are building or porting their applications to mobile platforms, so users are increasingly accessing the same data with mobile devices as with their laptops. Organizations have also increasingly implemented Bring Your Own Device (BYOD) policies to manage this trend. This Companion Guide helps individuals and organizations apply the CIS Controls to tackle the problems inherent in the increased use of mobile devices.

Toward A Privacy Impact Assessment (PIA) Companion to the CIS Critical Security Controls V. 6.0

An effective posture of enterprise cybersecurity need not, and indeed should not, compromise individual privacy. Many laws, regulations, guidelines, and recommendations exist to safeguard privacy, and enterprises will, in many cases, adapt their existing privacy policies as they apply the Center for Internet Security Critical Security Controls for Cyber Defense Version 6.0. At a minimum, use of the CIS Controls should conform to the general principles embodied in the Fair Information Practice Principles (FIPs) [1] and in Privacy by Design. [2]

An appendix addressing the importance of safeguarding privacy was included in the CIS Critical Security Controls for Effective Cyber Defense Version 6.0 released October 15, 2015; it is now a stand-alone Companion Guide. It provides a framework to help organizations create a Privacy Impact Assessment.

According to CIS Chief Executive Officer Jane Holl Lute, “Effective cybersecurity should not compromise individual privacy. Every organization needs to look at their cybersecurity posture in order to assess and mitigate potential privacy risks. The new Companion Guides provide solutions for many of these challenges, including safeguarding users’ privacy configurations, patching vulnerabilities, and restricting unauthorized users.”

The experts on the CIS Critical Security Controls panel dedicate themselves to ensuring the CIS Controls represent the community's best insight into threats, vulnerabilities, and defensive technology. The panelists also work to make sure the CIS Controls can be supported through cost-effective solutions.

“These new Companion Guides are great resources for individuals and organizations. We are grateful to the global cybersecurity leaders who devoted their personal time to the development of these guides,” said Steve Spano, President and Chief Operating Officer, Center for Internet Security.

Several members of the CIS team also provided development support for the new version of the Controls and Companion Guides. The CIS Controls and the new Companion Guides are on the Center’s website at http://www.cisecurity.org/critical-controls.cfm.

About the CIS Critical Security Controls V. 6.0

This free set of internationally recognized measures is developed, refined, and validated by a large international community of leading security experts. The CIS Critical Security Controls for Effective Cyber Defense Version 6.0 document the most important actions of cyber hygiene that every organization should implement to protect their information technology (IT) networks. A study by the Australian government Department of Defence revealed that 85% of known cybersecurity vulnerabilities can be stopped by deploying the Top 5 CIS Controls. These include taking an inventory of IT assets, implementing secure configurations, patching vulnerabilities, and restricting unauthorized users.

About the Center for Internet Security

The Center for Internet Security (CIS) is a 501(c)(3) organization dedicated to enhancing the cybersecurity readiness and response among public and private sector entities. Utilizing its strong industry and government partnerships, CIS combats evolving cybersecurity challenges on a global scale and helps organizations adopt key best practices to achieve immediate and effective defenses against cyber attacks. CIS is home to the Multi-State Information Sharing and Analysis Center (MS-ISAC), CIS Security Benchmarks, and CIS Critical Security Controls. To learn more please visit CISecurity.org or follow us on Twitter at @CISecurity.


[1] See http://www.dhs.gov/publication/fair-information-practice-principles-fipps and http://www.nist.gov/nstic/NSTIC-FIPPs.pdf

[2] See https://www.privacybydesign.ca. The approach discussed in this Annex draws heavily on public sector approaches in the United States, but can be adapted for any jurisdiction.
